
I am using the ATOM editor and trying to configure a package called remote-ftp.

I just found out that FTP shouldn't be used because it sends data unencrypted, so I'm configuring the SFTP settings.

One setting asks for my private SSH key. I assumed that I should never give that out and there was some mistake and they meant to ask for the public key.

Weird thing is... the public key doesn't work and the private key does. Is this correct? Am I completely misunderstanding public and private SSH keys?


1 Answer

Locally you have to reference your private key so that you can decrypt the initial message that contains the secret, so that is correct.

What will happen is that when you connect via SFTP, your webhost basically creates a secret password or secret handshake and will send that as a message back to you. However, to prevent 3rd parties from sniffing your internet connection and figuring out this secret password, your web host will utilize your public key to encrypt the message that contains it. They will send this encrypted message over the internet back to you.

The only person that can decrypt a message signed by a public key is the person who holds the private key. So your private key is used (which is why ATOM needs a reference to your private key) to decrypt the message sent by your host. This message contains the secret password or secret handshake. Now both parties, your webhost and yourself, contain this random secret that was generated. From there the SFTP program will utilize a different form of encryption where all you need is this secret to encrypt or decrypt the message, which you both now have.

So to summarize, to start off the connection will utilize one-way encryption using the public/private key pair where anybody with a public key can encrypt the message, but only one person can decrypt the message and that is the person with the private key. Once that exchange is done and has been utilized to create a secret, the connection will switch over to utilizing two-way encryption where both parties can encrypt/decrypt the message with some random secret that was passed over initially.

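As an added example (not part of the answer above and not remote-ftp's own code), this Python script inspects the file a client's private-key setting points at: it tells a public key from a private one, reports whether the private key is passphrase-protected, and flags POSIX permissions that let other users read it. The function names and the sample key are constructed for illustration.

```python
import base64
import os
import stat
import struct

MAGIC = b"openssh-key-v1\x00"  # header of the OpenSSH private key container

def classify_key(text):
    """Return 'public', 'private-encrypted', 'private-unencrypted' or 'unknown'."""
    lines = text.strip().splitlines()
    first = lines[0].strip() if lines else ""
    if first.startswith(("ssh-", "ecdsa-sha2-", "sk-")) or "PUBLIC KEY" in first:
        return "public"
    if not (first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----")):
        return "unknown"
    if "ENCRYPTED" in first or "Proc-Type: 4,ENCRYPTED" in text:
        return "private-encrypted"
    if "OPENSSH" in first:
        # After the magic comes a length-prefixed cipher name; "none" = no passphrase.
        try:
            blob = base64.b64decode("".join(l for l in lines if "-----" not in l))
            (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        except (ValueError, struct.error):
            return "unknown"
        if not blob.startswith(MAGIC):
            return "unknown"
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return "private-unencrypted" if cipher == b"none" else "private-encrypted"
    return "private-unencrypted"  # legacy PEM without an encryption header

def audit_key_file(path):
    """Findings for the file an SFTP client's private-key setting points at."""
    with open(path, encoding="ascii", errors="replace") as fh:
        kind = classify_key(fh.read())
    findings = []
    if kind == "public":
        findings.append("this is the public half; the setting needs the private key file")
    elif kind == "unknown":
        findings.append("not a recognised SSH key file")
    elif kind == "private-unencrypted":
        findings.append("private key is not passphrase-protected")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if kind.startswith("private") and mode & 0o077:
        findings.append("private key accessible to group/other (mode %o)" % mode)
    return findings

def sample_private_key(cipher=b"none"):
    """Constructed sample: header fields only, contains no real key material."""
    body = base64.b64encode(MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\0" * 16)
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----\n" % body.decode()
```

The private key file stays on the local machine and is only read by the client; the server side only ever holds the public key.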